Persistent Worm.VBS.Solow.a

I need some help here. Not sure if this is the correct forum. I run XP Home, avast! antivirus, Zone Alarm (free), Spyware Doctor and a-Squared Free anti-malware. Never had a security problem since 1996 and most ports were stealth, others closed. I moved from Hong Kong last month (having used PCCW broadband in HK) to Bangkok where I am living long-term in a hotel using "MagiNet", through cable. As soon as I plugged in I was infected by "Worm.VBS.Solow.a". It appears to do nothing in my system and it is readily deleted. But each time I use the net it reappears. Virtually all my ports are now "closed", not stealth, and ports 0, 21, 23, 80 are wide open. I cannot "re-stealth" them. ZA firewall is on High, Windows security is on High and all my security programs are up to date but somehow this worm gets in. Is this a threat? How can I stealth my system again? Grateful for advice.

Re: Persistent Worm.VBS.Solow.a

The Remote Access and Remote user should have been disabled. Secondly, the Windows File and Printer sharing should have been disabled.

OK, about the open ports. How was this determined? By an online scan? The online scan should be actually testing the server from the hotel, not your machine. The open ports may be the server ports and not your laptop.

The way to find out if the server is being scanned and not your machine is when the online port scan is started, the IP tested will be shown. If it matches the machine's IP, then the test is for your machine. If the IP shown is different, then the machine being tested is not your machine.

Hotels and some public servers will leave these ports open by default. It makes connecting easier for some users and other servers.

Worm.VBS.Solow.a propagates through removable storage devices. I had guessed it would be an email worm or network worm, but no, it turns out it starts from risky media disk or USB flash.

Did the Avast boot time scan?
Did some online scans for extra measure?

Re: Persistent Worm.VBS.Solow.a

Oldsod, if you are still there - grateful for further assistance. If my own PC is still secure (and I now believe it is) and the hotel internet connections are not, is it unsafe to conduct any confidential transactions through the system? I presume that no matter how secure my PC is, once the transmission goes out thro' the hotel connection, it is at risk? Is that logical or paranoid? Any thoughts? Thanks.
Bruce

Re: Persistent Worm.VBS.Solow.a

If the hotel is using a cable internet for you to use, not so bad. But is risky.

If the hotel has a wireless connection with the cable internet, then that is not safe at all. Anybody can park the car just down the street, sit behind the steering-wheel, power a laptop and hook up to the hotel's network and see the other users.

All transmissions, unless encrypted, are unsecured and open to anyone to see along their path. The return from the other server/PC is just as open. Each transmission has the packets openly showing and the header with the sender's address and the address of the last replier for that transmission.

Secure http (or https) and secured email are outside of this rule. But if they are intercepted and recorded and relayed on to the next server, the actual message(s) can be deciphered by an expert.

Just remember that the internet is completely open. The DNS and providers and the hop servers all saw your message and where you are and where it went. They have recorded this - some temporarily and some in brief detail for several years. The server of your hotel has probably recorded all connections and connection attempts made. Even Google can tell what you looked at for the last few years - by recording your Google searches and the links/sites used from their pages.

Any sites visited all saw your address and saw what OS, version of OS, browser, security settings, connection info, your DNS and your server involved, pings involved, trace route and even what town and country.

Re: Persistent Worm.VBS.Solow.a

I have the same issue, I have the same problem. But I noticed this only when I upgraded to Zone Alarm 7 from 6.5; ver 6.5 doesn't detect it. Apart from this, now I'm unable to open any drives by double click, but only by right click.

Can someone help me in this?

In my PC, remote access, system restore & file sharing are already disabled and ZA is updated automatically every instant and full system scan is done.

I have to enable the boot scan in BIOS. I think it may do some harm to my HDD also.

Someone can help me.....

Apart from this, now my IE home page & title is changed. I manually edited the registry (main); after some time the home page again gets changed. I ran a deep inspection scan and every day the temp folder in my PC is washed out thoroughly in safe mode and startup programs are monitored.

Re: Persistent Worm.VBS.Solow.a

Hi Swaminathan

You got some sort of spyware installed on the PC. Actually the term malware is more appropriate for the label of this issue. Malware stands for "malicious software". It is very much like spyware - it does not destroy the PC like the hard drive killer viruses (actually called viri). It just harasses the users to no end, or is sending out spam or denial of service attacks to a very selective server or is reporting info about you to somewhere.

Usually for these types of infections, just do this -

Do not bank or shop on-line or use any personal info
Change the signins and passwords for banks or financial companies
Remember to always backup your files, data and personal things

If it seems too much work to actually repair or remove the nasty infections, the HDD can be wiped by an eraser disk, the drive can be reformatted to NTFS, Windows can be reinstalled, drivers installed and updated, security and files replaced again and all updates from Windows installed. Although it does take a couple of days of time, the actual time invested is about a day or so.

Erase disks are recommended for several reasons:
Reformats do not kill rootkits and some types of trojans.
Erasing the disk makes it absolutely clean with no leftovers underneath the new install, and hence the actual Windows reinstall runs a little better.

Even with a complete erase of a HDD, rootkits have been known to survive in the BIOS and the actual memory and the boot partition. Wiping the drive completely from end to end will erase the boot partition. Re-installing the BIOS or flashing the BIOS will clean the BIOS. Killing anything in the memory is done by pulling the power cord out of the wall and instantly killing the PC, when the erase is just finished. A little extra work and if the HDD is failing or very old, it may actually be ruined from the immediate power loss - a new drive or one in good condition should be okay from that torture.

Some users in the effort to remove rootkits have actually killed the power, pulled the hard drive out and then just replaced it with a brand new drive, reinstalled, and never touched any recent files for the reinstall of the OS. There was a chance some of the more recent backed-up files could have been infected and they are not willing to risk a re-infection.

I usually back up files and things to a separate USB HDD. It is physically separate. Plus I have two machines and each one has info from the other, for a just-in-case the other PC and the USB HDD both go wrong. Lots of things can be backed up on CD or DVD. Very handy. Or just some flash drives - plus they are very portable.